pony | 1e680ce8a1551c6057a7dc1bc302c3f428b6525a07d19176e9602a9b0ac2586b

General

Target

JaffaCakes118_7a3256ba5499ce4839131c5faadf8430
Size

98KB
Sample

250104-rtxclatkas
MD5

7a3256ba5499ce4839131c5faadf8430
SHA1

b1ce3f119fe69125a35590a198f712d2fbbd7d5a
SHA256

1e680ce8a1551c6057a7dc1bc302c3f428b6525a07d19176e9602a9b0ac2586b
SHA512

e66b002981c75a92c38a7c99b5e594fe46940f1e043a44fbcb8667ed6a803b252e0b51d8cdffcaf9cf92810444eae3d4c8436a0cfa8d4bfa35cb0d422a4c799a
SSDEEP

1536:8qAd5Kb70H+wPcbHS4pNGLsmYTQs/0SoOejxZUdAP7w+MeHEsMW9+/iC999e0T:zwe494YYnQ/nOcWdwbkE4/V

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://tjrtruj.pw:4915/doc/black.php

http://mtfaudj.pw:888/doc/black.php

Attributes

payload_url
http://fkewryu.pw:888/pic/Flash.exe

Targets

- Target
  
  JaffaCakes118_7a3256ba5499ce4839131c5faadf8430
- Size
  
  98KB
- MD5
  
  7a3256ba5499ce4839131c5faadf8430
- SHA1
  
  b1ce3f119fe69125a35590a198f712d2fbbd7d5a
- SHA256
  
  1e680ce8a1551c6057a7dc1bc302c3f428b6525a07d19176e9602a9b0ac2586b
- SHA512
  
  e66b002981c75a92c38a7c99b5e594fe46940f1e043a44fbcb8667ed6a803b252e0b51d8cdffcaf9cf92810444eae3d4c8436a0cfa8d4bfa35cb0d422a4c799a
- SSDEEP
  
  1536:8qAd5Kb70H+wPcbHS4pNGLsmYTQs/0SoOejxZUdAP7w+MeHEsMW9+/iC999e0T:zwe494YYnQ/nOcWdwbkE4/V
Score

10^/10

pony collection credential_access defense_evasion discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2